ISO/IEC INTERNATIONAL STANDARD 27017 First edition 2015-12-15 Information technology Security techniques Code of practice for information security controls based on ISO/lEC 27002 for cloud services Technologies de I'information - Techniques de sécurite Code de pratique pour les controles de sécurite de I'information fondés sur IisO/IEC 27002 pour les services du nuage Reference number ISO/IEC 27017:2015(E) IEC OSI Academy of Standardization 5944055 @ISO/IEC2015 ensefromIHS ISO/IEC 27017:2015(E) COPYRIGHTPROTECTEDDOCUMENT ISO/IEC2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. ISO copyright office Case postale 56 : CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyright@iso.org Web www.iso.org Published in Switzerland nited without license from IHS ISO/IEC 27017:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnica Commission) form the specialized system for worldwide standardization. National bodies that are members of IsO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/lEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 27017 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques, in collaboration with ITU-T. The identical text is published as ITU-T. X.1631 (07/2015), y of Standardization 5944055